Managing Permissions in a Shared Recovery Site Configuration

<

You can configure Site Recovery Manager to use with a shared recovery site. The vCenter Server administrator on the shared recovery site must manage permissions so that each user has sufficient privileges to configure and use Site Recovery Manager, but no user has access to resources that belong to another user.

In the context of a shared recovery site, a user is the owner of a pair of Site Recovery Manager Server instances. Users with adequate permissions must be able to access the shared recovery site to create, test, and run the recovery plans for their own protected site. The vCenter Server administrator at the shared recovery site must create a separate user group for each user. No user's user accounts can be a member of the vCenter Server Administrators group. The only supported configuration for a shared recovery site is for one organization to manage all of the protected sites and the recovery site.

Caution:

Certain Site Recovery Manager roles allow users to run commands on Site Recovery Manager Server, so you should assign these roles to trusted administrator-level users only. See Site Recovery Manager Roles Reference for the list of Site Recovery Manager roles that run commands on Site Recovery Manager Server.

On a shared recovery site, multiple customers share a single vCenter Server instance. In some cases, multiple customers can share a single ESXi host on the recovery site. You can map the resources on the protected sites to shared resources on the shared recovery site. You might share resources on the recovery site if you do not need to keep all of the customers' virtual machines separate, for example if all of the customers belong to the same organization.

You can also create isolated resources on the shared recovery site and map the resources on the protected sites to their own dedicated resources on the shared recovery site. You might use this configuration if you must keep all of the customers' virtual machines separate from each other, for example if all of the customers belong to different organizations.

Guidelines for Sharing User Resources

Follow these guidelines when you configure permissions for sharing user resources on the shared recovery site:

All users must have read access to all folders of the vCenter Server on the shared recovery site.

Do not give a user the permission to rename, move, or delete the datacenter or host.

Do not give a user the permission to create virtual machines outside of the user’s dedicated folders and resource pools.

Do not allow a user to change roles or assign permissions for objects that are not dedicated to the user’s own use.

To prevent unwanted propagation of permissions across different organizations’ resources, do not propagate permissions on the root folder, datacenters, and hosts of the vCenter Server on the shared recovery site.

Guidelines for Isolating User Resources

Follow these guidelines when you configure permissions for isolating user resources on the shared recovery site:

Assign to each user a separate virtual machine folder in the vCenter Server inventory.

Set permissions on this folder to prevent any other user from placing their virtual machines in it. For example, set the Administrator role and activate the propagate option for a user on that userʹs folder. This configuration prevents duplicate name errors that might otherwise occur if multiple users protect virtual machines that have identical names.

Place all of the userʹs placeholder virtual machines in this folder, so that they can inherit its permissions.

Do not assign permissions to access this folder to other users.

Assign dedicated resource pools, datastores, and networks to each user, and configure the permissions in the same way as for folders.

Caution:

A deployment in which you isolate user resources still assumes trust between the vSphere sites. Even though you can isolate user resources, you cannot isolate the users themselves. This is not a suitable deployment if you must keep all users completely separate.

Viewing Tasks and Events in a Shared Recovery Site Configuration

In the Recent Tasks panel of the vSphere Client, users who have permissions to view an object can see tasks that other users start on that object. All users can see all of the tasks that other users perform on a shared resource. For example, all users can see the tasks that run on a shared host, datacenter, or the vCenter Server root folder.

Events that all of the instances of Site Recovery Manager Server generate on a shared recovery site have identical permissions. All users who can see events from one instance of Site Recovery Manager Server can see events from all Site Recovery Manager Server instances that are running on the shared recovery site.